2 Replies Latest reply on Oct 19, 2007 12:04 AM by shakenbrain

    Entity Authorization

    shakenbrain

      Can someone tell me if the following is possible?

      Application users (SiteUser) have a collection of authorizedOrganizations (Organization). Other (but not all) entities in the model belong to one particular organization. When those particular entities (perhaps identified by a custom annotation?) are loaded from the database, I'd like to verify that the entity's organization is contained within the authorizedOrganizations belonging to the connected user (a SiteUser in session scope). If that verification fails, I want to throw an AuthorizationException.

      I don't think a Hibernate filter will work, because the authorized organizations live in a collection...

      I don't think there's a Seam event I can work with...

      I don't think the Hibernate event system will work either...

      If anyone has a suggestion for an avenue to investigate, I'd appreciate it. I can always do the verification 'manually' (in each load entity method), but I'm hoping there's a better way...
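The load-time check described in the question, sketched in plain Java as an added example (not part of the original post, and not Seam or Hibernate code). The `@OwningOrganization` annotation, `verifyOnLoad`, `Invoice` and `Country` are hypothetical names, `AuthorizationException` here is a local stand-in for the framework's type, and wiring the call into a load hook is left as an assumption.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.util.Set;

public class OrgGuardDemo {
    // Hypothetical marker for the field that holds an entity's owning organization.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD)
    @interface OwningOrganization {}

    // Local stand-in for the framework's exception type.
    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String msg) { super(msg); }
    }

    // Records give value-based equals/hashCode, which the Set lookup relies on.
    record Organization(long id) {}
    record SiteUser(String name, Set<Organization> authorizedOrganizations) {}

    static class Invoice {                          // organization-scoped entity
        @OwningOrganization Organization organization;
        Invoice(Organization o) { organization = o; }
    }
    static class Country { String code = "NL"; }    // unrestricted entity

    // Assumed call site: once per loaded entity, e.g. from a JPA @PostLoad listener.
    static void verifyOnLoad(Object entity, SiteUser user) {
        for (Class<?> c = entity.getClass(); c != null; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                if (!f.isAnnotationPresent(OwningOrganization.class)) continue;
                Object org;
                try {
                    f.setAccessible(true);
                    org = f.get(entity);
                } catch (ReflectiveOperationException e) {
                    throw new AuthorizationException("cannot read " + f.getName()); // fail closed
                }
                // Deny when there is no owner, no user, or the owner is not authorized.
                if (org == null || user == null || !user.authorizedOrganizations().contains(org))
                    throw new AuthorizationException(entity.getClass().getSimpleName() + " denied");
            }
        }
    }

    public static void main(String[] args) {
        Organization a = new Organization(1), b = new Organization(2);  // constructed sample data
        SiteUser user = new SiteUser("alice", Set.of(a));
        verifyOnLoad(new Invoice(a), user);   // authorized organization: passes
        verifyOnLoad(new Country(), user);    // no annotated field: not checked
        try { verifyOnLoad(new Invoice(b), user); }
        catch (AuthorizationException e) { System.out.println(e.getMessage()); }
    }
}
```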